50 lines
1.4 KiB
PHP
50 lines
1.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class EnsureOnboardingComplete
|
|
{
|
|
/**
|
|
* Paths that must always be reachable regardless of onboarding state,
|
|
* so authenticated users can log out, complete OAuth flows, etc.
|
|
*/
|
|
private const ALWAYS_ALLOW = [
|
|
'logout',
|
|
'auth/*', // OAuth redirects & callbacks
|
|
'verify/*', // email verification links
|
|
'setup/*', // all /setup/* pages (password, username)
|
|
'up', // health check
|
|
];
|
|
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
$user = $request->user();
|
|
if (! $user) {
|
|
return $next($request);
|
|
}
|
|
|
|
$step = strtolower((string) ($user->onboarding_step ?? ''));
|
|
if ($step === 'complete') {
|
|
return $next($request);
|
|
}
|
|
|
|
// Always allow critical auth / setup paths through.
|
|
if ($request->is(self::ALWAYS_ALLOW)) {
|
|
return $next($request);
|
|
}
|
|
|
|
$target = match ($step) {
|
|
'email' => '/login',
|
|
'verified' => '/setup/password',
|
|
'password', 'username' => '/setup/username',
|
|
default => '/setup/password',
|
|
};
|
|
|
|
return redirect($target);
|
|
}
|
|
}
|